URLs not reported, SC finds, but does not offer to LART! Options

[mrogoff]

...Sorry, I'm not seeing what it is that you believe might be wrong.  Can you please clarify?

The system lost my previous reply so here goes again - very short.

I receive spam - I report spam (not quick) - spamcop initially refuses to offer to report URLs - sometimes folowing the 'View full message' link once and returning will cause spamcop to offer to report URLs - sometimes folowing the 'View full message' link four or five times and returning will cause spamcop to offer to report URLs - sometimes nothing can be done to get spamcop to offer to report the URLs.

[turetzsr]

...So do I understand correctly that you are basically reporting the same problem as appears in Gromit's March 29 Post in thread "URLs not reported, SC finds, but does not offer to LART!"?

[mrogoff]

...So do I understand correctly that you are basically reporting the same problem as appears in Gromit's March 29 Post in thread "URLs not reported, SC finds, but does not offer to LART!"?

Looks the same if you wade through all the other stuff - so you are telling me this has been documented for almost a month and it is still broken?

[turetzsr]

Looks the same if you wade through all the other stuff - so you are telling me this has been documented for almost a month and it is still broken?

...That's not surprising. There are, as I understand it:

• lots of things that are "broken," with varying degrees of significance/urgency/importance
• lots of work to do to keep up with new user tricks
• lots of work to do to manage the SpamCop server infrastructure and logic
• only one person (Julian) to do all this (although with some limited assistance from the "deputies," but not in terms of coding the parser)

.

[Wazoo]

Query for help has been sent upstream. In the interim ...

To the user concerned that hid/her post will be 'lost' ... it is the attempt by the Moderating team here to keep similar issues within one discussion, thus if an answer is available, it's known to all participants. Yes, the result may be long discussions, but ... as happens in the NNTP newsgroups, having the 'same' subject being talked about in 100 different threads, when one is looking for 'the solution' .. much easier to be looking in one spot as compared to running through the many unanswered/incomplete separate piles of words and only one has the needed data.

From this side of the screen, one knows not all the stuff going on from Julian's perspective, so the following is simple observation / opinion. The SpamCop parsing and reporting tool was developed by Julian for his own purposes. he then offered it up for public usage. The prime concept was to report to the source of the spam with the intent that a caring ISP would resolve the problem. As time went on, more options added, more capabilities added, more functions introduced. In the meantime, some spammers got smarter (the dumb ones giving up after having account after account cancelled by those caring ISPs)

These days you've got Julian working his magic, and you've got spammers working individually and collectively trying to defeat the SpamCop tool set. There's now enough money floating around (thanks to the gullible) that even the dumb spammers can now afford to hire knowledgable folks to work the 'net' to their own advantage. (old data, the 'net' was originally built by and for the U.S. Government, thus there was not the concept that looters and thieves would be part of the user base. Thus, the entire network was built based on all users being trusted.)

This 'current issue' is just that. Last year it was rotating DNS, the year before that it was .... on and on. Two years ago, it took weeks to get a DNS change propagated. Now, in some case, it's just a matter of minutes. Some spammers are sending spam that includes links that won't actually be activated for hours/days after the spam goes out. Some spam goes out with included links of a site that was squashed days before. Some include links that never were and never will be active. As seen in the numerous complaints about "links not reported" .. a lot of this would be discovered by minimal research. Some research done results in the URL being found active, yet that's done from a system/browser that's designed to allow some lengthy timeout variables, as compared to the parsing tool trying to handle thousands of look-ups a minute. That DNS lookups are just another bit of web traffic that can be denied by a bit of code on a server also seems to be overlooked by some folks (i.e., referrer data can be evaluated, querying IP can be evaluated, and certain items can be ignored/blocked/dropped by that DNS server) ... a bit of 'for instance' ... there's an individual in the newsgroups that makes a repeated complaint that the SpamCop reporting results that send output to a /dev/null (though still feeding the statistics table) account (due to past e-mail bouncing) must be in error, because his e-mail to that address does not bounce ... somehow not relating his use of filtering of his e-mail to an ISP's capability to also filter e-mail coming from a certain address ..???

Getting back to the above, let's go back to the beginning, at which time the focus was to shut down the spew. I don't believe that this focus has changed. The reporting of spamvertised wsb-sites was an additional capability added along the way, but it's still a secondary item of interest. There has never been anything in place to stop someone from reporting things themselves (99%+ of my spam complaints I do myself as I'm much more brutal than the SpamCop parsing/reporting tool), so it's not like the world of complaints has stopped. I can tell you that Julian is working on the codebase, that's almost a constant, but again, it's him against the numerous spammer collective out there. In example, the SpamCopDNSBL has lost a bit of 'power' based on the merging of some spammer / virus/trojan writer activity, compromising the multitudes of end-user computers to send the spew ... spammer just moves to a new compromised machine when the SCBL kicks in. The majority of those IP addresses are already found in other BLs that contain DUL (dial-up IPs) .. but once again, the reports do go out, but to ISPs that either can't, won't, or are very slow to handle the spew issue from their customer base. So the continuing levels of spew from these sources aren't a failure on SpamCop's part ...

Well, getting massive here, just hoping to toss some useful thoughts out ... again, note sent to Deputies for alternative / additional input .....

[DavidT]

Regarding multi-page topics vs. multiple topics, the pros and cons are about even, I think, in that unfortunately, many people won't page through 6 pages of a topic (assuming they're using the "Standard" display mode, as opposed to "Outline"), so posts on later pages will most likely receive less attention than if a new topic had been allowed to "spin off" of a long/old one. Wazoo has already explained the "pro" argument.

Back to the topic at hand - "URLS not reported" - I think I've got some good news! Recently, the parsing/reporting system didn't seem to be doing anything with the spamvertised links in all of the plain text messages I submitted using the web form, but today, it's tracking and offering to report all but the ones that won't resolve. I checked a few of those using a "safe" browser, and none of them resolved, so it's not that the SC system was giving up too easily.

Some of the spams I submittted had "http" links and some had links that omitted the "http" and started with only "www." The system parsed all of them, which is a major improvement over recent performance, so someone must have done a little work on the system in the last 24 hours. :-)

Edit: the apparent discrepancy between the SC system being unable to resolve URLs that are still "live" hasn't gone away. I took a Tracking URL from the SC newsgroup:

http://www.spamcop.net/sc?id=z755733028zfa...aa08c99a1cbcabz

and I see that the parser still "Cannot resolve" the URL, even though I was able to visit the site. The nameservers are not all responding, and those that do, are doing so slowly, so this seems to agree with Wazoo's explanation that the system can't afford to sit around and wait for a response when it's delayed. So, although my "issues" with the parsing system seem to be much better, it's still probably not going to always be able to track and report spamvertised sites with sluggish nameservers, AFAICT.

DT

This post has been edited by DavidT: Apr 27 2005, 10:53 AM

[Commander Dave]

[Disclaimer: I am a long time Spamcop member, but fairly new to posting to the forums. Please forgive any posting transgressions... I read the faq and as much of this thread as I could before posting, but it was a lot of material to cover. That being said...]

I noticed a simple little SPAM come into my inbox today and sent it off for reporting. Before hitting the submit button, I noticed that Spamcop couldn't find an IP for the link. Being the curious type, I checked the link and found it active in the browser. Thinking Spamcop made an error, I checked out the domain in a WHOIS search and it found nothing! Shortening the domain in the WHOIS came back with some info (for example, instead of x.y.com, I used y.com). Not sure if this shortened domain would be the same guys to report, however.

My question is:
How can a domain in a spam email go to a site and not come back in a WHOIS query? (It's not a timeout issue). Is this a new spammer trick to prevent the URL's from being reported?

Here is the link of the SPAM that I reported:
http://www.spamcop.net/sc?id=z758697415zdf...192f45f83f7814z
(I didn't post the links because it seems that was frowned upon - link is easily found in the report)

I posted in this thread because the topic seemed relavent. I wasn't able to read all the messages, so my apologies if this has already been addressed.

Thanks all...
-Commander Dave
(Posting newbie at-large (IMG:style_emoticons/default/smile.gif) )

[Wazoo]

Regarding multi-page topics vs. multiple topics, the pros and cons are about even, I think, in that unfortunately, many people won't page through 6 pages of a topic (assuming they're using the "Standard" display mode, as opposed to "Outline"), so posts on later pages will most likely receive less attention than if a new topic had been allowed to "spin off" of a long/old one. Wazoo has already explained the "pro" argument.

Just a quick note here ... IPB Forum data that left me a bit astounded .... one guy talking about a single Topic that went on for 90+ pages .... topped a bit by another person talking about one forum having 300+ sub-Forums ...???? No idea what these Forums are about, no links provided in the posts, but obviously some patient/dedicated users involved?

[Wazoo]

Shortening the domain in the WHOIS came back with some info (for example, instead of x.y.com, I used y.com). Not sure if this shortened domain would be the same guys to report, however.

The WHOIS data is a record of the Domain registration - equating to your example of "y.com" ..... the "x.y.com" is considered a sub-domain of "y.com" ....

To add to your possible confusion, there may be redirects involved .. and one could also point out that some browsers have some specific flaws that can allow for the spoofing of displayed data, so make sure you're up to date on updates, patches, and such.

[StevenUnderwood]

Just a quick note here ... IPB Forum data that left me a bit astounded .... one guy talking about a single Topic that went on for 90+ pages .... topped a bit by another person talking about one forum having 300+ sub-Forums ...????  No idea what these Forums are about, no links provided in the posts, but obviously some patient/dedicated users involved?

Wazoo, this is getting off topic but I am on an ezbaord (http://p222.ezboard.com/btheremyreport9033) that folows the Boston Red Sox that has a few long threads. Specifically, a thread Curt Schilling posts to before each start (superstition) and many replies to each. Last seasons thread lasted for 86 pages I believe so they started a new thread for this season, whichis already at 9 pages. Usually people only check out the last few pages or keep up with it throughout the season like I do. Of course, being a fan site, people are not usually looking for answers to anything, so the focus is a little diferent. On that board, there are only a few different forums I follow.

[Commander Dave]

The WHOIS data is a record of the Domain registration - equating to your example of "y.com" ..... the "x.y.com" is considered a sub-domain of "y.com" ....

To add to your possible confusion, there may be redirects involved .. and one could also point out that some browsers have some specific flaws that can allow for the spoofing of displayed data, so make sure you're up to date on updates, patches, and such.

I should be current on all patches... I make it a point to keep up to date in that regard. Since x.y.com would be a subdomain of y.com, why doesn't x.y.com bring up any registration info in WHOIS? It looks as though Spamcop is just trying to find the x.y.com and since it doesn't come up with an IP, it just thinks the URL is a fake.

I'm not knowlegable as you guys on the internal workings (I use Spamcop more as an appliance - it just works), but it seems to me if this kind of thing is easy to do then spammers have found a way to keep their links from being reported, which is a big problem for Spamcop, IMO.

Cheers!
-Commander Dave

[DavidT]

Since  x.y.com would be a subdomain of y.com, why doesn't x.y.com bring up any registration info in WHOIS? It looks as though Spamcop is just trying to find the x.y.com and since it doesn't come up with an IP, it just thinks the URL is a fake.

There are different types of "whois" lookups. The ones more commonly seen are for the actual domains. A subdomain is under the umbrella responsibilty of the domain, so many "whois" forms won't accept subdomains, because that's not really the correct use of that tool. However, the lookup at "whois.net" apparently will go ahead and take a faulty entry like "x.y.com" and strip off the "x." and give you the results for "y.com." SpamCop can't really make use of any of the registration info anyway, because it's often bogus.

The other type of "whois" lookup doesn't involve domain names, but rather the IP addresses associated with host names. An example of that kind of lookup can be found at ARIN.net. SpamCop determines the IP address for a given host using DNS tables, then is uses cached "whois" information to lookup the responsible parties for that IP address. Once that's determined, I think it uses the contact information archived at "abuse.net" for a given IP, along with some internal analysis of the validity of those addresses (for example, it checks to see if the addresses have bounced when submitting reports in the past).

I just parsed a plain text spam with three http links, all to the same hostname (a subdomain, just as in your example)...here's the Tracking URL:

http://www.spamcop.net/sc?id=z758750349z93...262466c364730ez

The first time I ran it through the parser, the system skipped from the Resolving link obfuscation results to the Please make sure this email IS spam section, so I refreshed the screen, and the next time, it went ahead with the Tracking link: procedure and offered to report the links. This is the topic at hand in this thread, that the system is inconsistent and unpredictable, and that you have to force the system to (repeatedly) re-parse a given spam in order to get it to finally offer to report the spamvertised links.

I checked the links in the spam cited above, and they were resolving quite quickly...I think the parsing/reporting system has some problems.

Edit: I just tried parsing that Tracking URL repeatedly and now the system is skipping the analysis of the links every time...I can't get it to try to report them, which I was able to do sever times earlier.

DT

This post has been edited by DavidT: May 1 2005, 04:30 PM

[Wazoo]

A couple (or more) things here ... first of all, per the last Commander Dave tracking URL in question, see http://www.dnsreport.com/tools/dnsreport.c...=24x7-loans.com

Next: Most "normal" folks would have a 'home' page, with at the Domain URL, with sub-pages. In this particular case, there is no 'real data' page at this location.

05/01/05 16:13:49 Browsing http://24x7-loans.com/
Fetching http://24x7-loans.com/ ...
GET / HTTP/1.1
Host: 24x7-loans.com
Connection: close

HTTP/1.1 200 OK
Date: Sun, 01 May 2005 21:13:03 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Accept-Ranges: bytes
X-Powered-By: PHP/4.2.2
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1

So we try the sub-domain listed in the spam example (Noting no real difference);
05/01/05 16:04:27 Browsing http://n80tr3gm7.24x7-loans.com/
Fetching http://n80tr3gm7.24x7-loans.com/ ...
GET / HTTP/1.1
Host: n80tr3gm7.24x7-loans.com
Connection: close

HTTP/1.1 200 OK
Date: Sun, 01 May 2005 21:03:41 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Accept-Ranges: bytes
X-Powered-By: PHP/4.2.2
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1

So then we try the actual link found in the spam (just a snippet provided);

05/01/05 16:05:18 Browsing http://n80tr3gm7.24x7-loans.com/3/index/ryn/zkxzklr
Fetching http://n80tr3gm7.24x7-loans.com/3/index/ryn/zkxzklr ...
GET /3/index/ryn/zkxzklr HTTP/1.1
Host: n80tr3gm7.24x7-loans.com
Connection: close

HTTP/1.1 200 OK
Date: Sun, 01 May 2005 21:04:31 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Accept-Ranges: bytes
X-Powered-By: PHP/4.2.2
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
58
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
2
<S
198
CRIPT language="java scri_pt" src="/1/formValidation.js"></scri_pt>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>60 Second Mortgage Quote Form</title>

To show what's really going on here, the following results come from a page that that used a 'sub-domain' created by just replacing the leading garbage data with the string '123456789' ...

05/01/05 16:06:41 Browsing http://123456789.24x7-loans.com/3/index/ryn/zkxzklr
Fetching http://123456789.24x7-loans.com/3/index/ryn/zkxzklr ...
GET /3/index/ryn/zkxzklr HTTP/1.1
Host: 123456789.24x7-loans.com
Connection: close

HTTP/1.1 200 OK
Date: Sun, 01 May 2005 21:05:54 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Accept-Ranges: bytes
X-Powered-By: PHP/4.2.2
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
58
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
2
<S
198
CRIPT language="java scri_pt" src="/1/formValidation.js"></scri_pt>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>60 Second Mortgage Quote Form</title>

Basically, the use of a "wild-card" DNS ... spammer accepts anything as a sub-domain 'name' (pointing back to WHOIS data only recording the Domain data, the sub-Domains still under the control of that agent/person/company ..)

And as stated elsewhere, in addition to the funky DNS settings (that appear to be under the control of the spammer) a server (be it web-site, DNS, e-mail, whatever) can be configured to 'manage' certain traffic, IP ranges, referrer information, etc.

whois -h whois.crsnic.net 24x7-loans.com ...
Redirecting to R&K GLOBALBUSINESSSERVICES,INC. DBA 000DOMAINS.COM
whois -h whois.000domains.com 24x7-loans.com ...
Domain Services Provided By:
000domains, support[at]000domains.com
http://www.000domains.com

Registrant:
NONE
93 5th St.
New York, NY 38476
US
Registrar: 000DOM
Domain Name: 24X7-LOANS.COM
Created on: 27-APR-05
Expires on: 27-APR-06
Last Updated on: 27-APR-05
Administrative, Technical Contact:
Hass, Jessie jayhaa[at]fusemail.com
NONE
93 5th St.
New York, NY 38476
US
+1.2063384168
+1.2063384168
Domain servers in listed order:
NS1.24X7-LOANS.COM
NS2.24X7-LOANS.COM

05/01/05 16:32:14 Slow traceroute 24x7-loans.com
Trace 24x7-loans.com (69.67.64.232) ...
152.63.55.133 RTT: 71ms TTL: 80 (0.so-7-0-0.XL2.SJC1.ALTER.NET ok)
152.63.55.125 RTT: 68ms TTL: 80 (POS1-0.XR2.SJC1.ALTER.NET ok)
152.63.49.33 RTT: 69ms TTL: 80 (192.ATM6-0.GW3.SJC1.ALTER.NET ok)
208.214.137.46 RTT: 69ms TTL: 80 (mini-voip-gw.customer.alter.net bogus rDNS: host not found [authoritative])
69.67.64.232 RTT: 70ms TTL: 51 (24x7-loans.com ok)

05/01/05 16:33:09 IP block 69.67.64.232
Trying 69.67.64.232 at ARIN
Trying 69.67.64 at ARIN

OrgName: Whoa USA Inc
OrgID: WHOAU
Address: P.O Box 20482
Address: NOC
City: San Jose
StateProv: CA
PostalCode: 95160
Country: US

NetRange: 69.67.64.0 - 69.67.79.255
CIDR: 69.67.64.0/20
NetName: WHOA-USA-INC
NetHandle: NET-69-67-64-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.OASISVN.COM
NameServer: NS2.OASISVN.COM
Comment:
RegDate: 2003-08-07
Updated: 2003-08-07

OrgTechHandle: NOC1264-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-408-268-4526
OrgTechEmail: whoa007[at]pacbell.net

Basically, there isn't anyone involved with this that is known to "take action" on complaints anyway ... perhaps a complaint about the Registration data ..???

[Commander Dave]

Thanks to all that responded to my post... as I said before, I don't have the experience to get into the details of the parsing of the URL's, but from what I have followed in the replies seems to point to a flaw (or abberation) in the parser.

Since I feel I have done my job in reporting the abberation, I am going to leave it in the capable hands of the guru's to fix the problem/issue. Any futher participation on my part would probably on hinder a solution.

I really like Spamcop and hope that as the spammers get smarter the software will continue to keep pace. With the technical expertise here, I'm sure it will. (IMG:style_emoticons/default/smile.gif)

Cheers!
-Commander Dave

[twrbspam]

I'm having the aborted url parsing problem on most of my reports now, e.g.

http://www.spamcop.net/sc?id=z759841648z8f...6428d1ef80947dz

SC starts to parse the url(s) in the spam, and then just seemingly stops and skips to "Please make sure this email is spam" without completing the parsing or attempting to resolve the url. Known bug?

twrb
san diego

[Wazoo]

I'm having the aborted url parsing problem on most of my reports now, e.g.

http://www.spamcop.net/sc?id=z759841648z8f...6428d1ef80947dz

SC starts to parse the url(s) in the spam, and then just seemingly stops and skips to "Please make sure this email is spam" without completing the parsing or attempting to resolve the url.  Known bug?

Bit of an odd question when added to the end of such a long discussion?

http://vipktxrocfe.org&vrbqkwfcrf5yduahncb...tumliakf%2ecom/ is
http://vipktxrocfe.org&vrbqkwfcrf5yduahncb...ultumliakf.com/

http://www.dnsreport.com/tools/dnsreport.c...multumliakf.com
shows some of the issues with this site .... once again, the "timeout" issue is involved ...

[twrbspam]

Bit of an odd question when added to the end of such a long discussion?

Perhaps. (IMG:style_emoticons/default/wink.gif) But this is the thread where this issue is being discussed, no? And I'm curious as to whether anything is being done about the original issue as, if I may quote my hero Edward Gorey, "....things do not get better, but worse." Anecdotally at least, this observation was the exception. Now it's pretty much the rule.

[Wazoo]

To which I can only respond with ... there is stuff going on, there is some dialog going on the 'back rooms' ... and that's all I can presently offer on the "big picture" .. thus the item-by-specific-item type answers at this point. As stated elsewhere, Jeff G. has a Glossary entry dealing with "Manual Reporting" (which is how most of my reporting is still accomplished, again, being much more brutal than the SpamCop parser)

Have you checked the Forum FAQ yet? I have just recently edited a new item that at least attempts to offer some philosophy on the situation.

[chazz]

Okay, this is a bug I've been seeing for a long time. SpamCop sees the embedded URLs in a message, reports them to me, but then doesn't offer to send the final LART.

The Spam: Here's a case in point.

CODE

Resolving link obfuscation
http://hihsqio.org&ezibeqnbjc98odjq7m0b%2eadamasnaghk%2ecom/
  Percent unescape: http://hihsqio.org&ezibeqnbjc98odjq7m0b.adamasnaghk.com/
  chopping username "hihsqio.org&" from URL: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/

Please make sure this email IS spam:

Okay, it de-obfuscated the link OK, why didn't it go on to the next step?

So refresh. About 10 times. And then I see:

CODE

Resolving link obfuscation
http://hihsqio.org&ezibeqnbjc98odjq7m0b%2eadamasnaghk%2ecom/
  Percent unescape: http://hihsqio.org&ezibeqnbjc98odjq7m0b.adamasnaghk.com/
  chopping username "hihsqio.org&" from URL: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/
  host ezibeqnbjc98odjq7m0b.adamasnaghk.com (checking ip) = 200.149.11.62
  host 200.149.11.62 (getting name) no name

Please make sure this email IS spam:

Better, but still no LART offer. Refresh some more? Don't mind if i do. About 20 times.

CODE

Resolving link obfuscation
http://hihsqio.org&ezibeqnbjc98odjq7m0b%2eadamasnaghk%2ecom/
  Percent unescape: http://hihsqio.org&ezibeqnbjc98odjq7m0b.adamasnaghk.com/
  chopping username "hihsqio.org&" from URL: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/
  host ezibeqnbjc98odjq7m0b.adamasnaghk.com (checking ip) = 200.149.11.62
  host 200.149.11.62 (getting name) no name
  host ezibeqnbjc98odjq7m0b.adamasnaghk.com (checking ip) = 200.149.11.62
  host 200.149.11.62 (getting name) no name

Tracking link: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/
No recent reports, no history available
Resolves to 200.149.11.62

Finally, a LART offer.

I find it interesting that it has to get name twice before it will go to "tracking link". This seems to be true only if it needs to chop the username.

On other occasions I have seen it find three URLs, deobfuscate all three, and offer to LART none, one, two, or all three of them. On some occasions I have had to refresh about fifty times before it would generate a LART offer.

I can see that this is a problem in SC, and I guess I don't really want support on it at the moment. What I am trying to do here is provide enough information about it so that Julian can locate the problem and hopefully fix it. As a programmer, I know how much harder it is to fix a bug you can't replicate.

[Wazoo]

Have you looked at the FAQ here (recently)? Specific entry links to http://forum.spamcop.net/forums/index.php?showtopic=4085

While I'm at it, this post will be merged into the massive existing Topic already concerning this issue ....